Loading .github/workflows/backport.yml +1 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs Loading .github/workflows/basic-eval.yml +2 −2 Original line number Diff line number Diff line Loading @@ -18,8 +18,8 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. Loading .github/workflows/check-by-name.yml +9 −4 Original line number Diff line number Diff line Loading @@ -3,8 +3,10 @@ name: Check pkgs/by-name # The pre-built tool is fetched from a channel, # making it work predictable on all PRs on: pull_request # making it work predictable on all PRs. on: # Using pull_request_target instead of pull_request avoids having to approve first time contributors pull_request_target # The tool doesn't need any permissions, it only outputs success or not based on the checkout permissions: {} Loading @@ -15,8 +17,11 @@ jobs: # as specified in nixos/release-combined.nix runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v23 - name: Determining channel to use for dependencies run: | echo "Determining which channel to use for PR base branch $GITHUB_BASE_REF" Loading .github/workflows/check-maintainers-sorted.yaml +2 −2 Original line number Diff line number Diff line Loading @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v22 - uses: cachix/install-nix-action@v23 with: # explicitly enable sandbox extra_nix_config: sandbox = true Loading .github/workflows/editorconfig.yml +2 −2 Original line number Diff line number Diff line Loading @@ -24,11 +24,11 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v22 - uses: cachix/install-nix-action@v23 with: # nixpkgs commit is pinned so that it doesn't break # editorconfig-checker 2.4.0 Loading Loading
.github/workflows/backport.yml +1 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs Loading
.github/workflows/basic-eval.yml +2 −2 Original line number Diff line number Diff line Loading @@ -18,8 +18,8 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 - uses: cachix/cachix-action@v12 with: # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere. Loading
.github/workflows/check-by-name.yml +9 −4 Original line number Diff line number Diff line Loading @@ -3,8 +3,10 @@ name: Check pkgs/by-name # The pre-built tool is fetched from a channel, # making it work predictable on all PRs on: pull_request # making it work predictable on all PRs. on: # Using pull_request_target instead of pull_request avoids having to approve first time contributors pull_request_target # The tool doesn't need any permissions, it only outputs success or not based on the checkout permissions: {} Loading @@ -15,8 +17,11 @@ jobs: # as specified in nixos/release-combined.nix runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v22 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v23 - name: Determining channel to use for dependencies run: | echo "Determining which channel to use for PR base branch $GITHUB_BASE_REF" Loading
.github/workflows/check-maintainers-sorted.yaml +2 −2 Original line number Diff line number Diff line Loading @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v22 - uses: cachix/install-nix-action@v23 with: # explicitly enable sandbox extra_nix_config: sandbox = true Loading
.github/workflows/editorconfig.yml +2 −2 Original line number Diff line number Diff line Loading @@ -24,11 +24,11 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - uses: actions/checkout@v3 - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge - uses: cachix/install-nix-action@v22 - uses: cachix/install-nix-action@v23 with: # nixpkgs commit is pinned so that it doesn't break # editorconfig-checker 2.4.0 Loading
